9c90145d8b0a48b3e9e80d7fb95eb9ab762c61375e869c5f1be488383677d0f0

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
21-08-2024 06:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b27a78d2426eb546a4028a8b1e9680bf_JaffaCakes118.exe
Size

157KB
MD5

b27a78d2426eb546a4028a8b1e9680bf
SHA1

2a4db4bda482a1e59b189d0d17dbcdda67815db7
SHA256

9c90145d8b0a48b3e9e80d7fb95eb9ab762c61375e869c5f1be488383677d0f0
SHA512

4ee87f4bf0e330cf8470eda6335ee2902cd07d6d8b4660821abe4b1e718b49a679136b2776bc8042076fe8433d91e789ee878f3cc482ce436e196499e6910308
SSDEEP

3072:Q99jHL/F9BRqKY5nPd0LBuZXwBuTuu5OuTbmKsAkfGRMvBCcNt0000j0000NWYq:wjHL/F9B0KY5nV0LBuZXwAasOmwvBF0F

Score

7^/10

discovery persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3008	ctxmon.exe

Loads dropped DLL 3 IoCs

pid	Process
2424	b27a78d2426eb546a4028a8b1e9680bf_JaffaCakes118.exe
3008	ctxmon.exe
3008	ctxmon.exe

Adds Run key to start application 2 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\atitool = "C:\\Users\\Admin\\AppData\\Roaming\\pwrwin.exe"	ctxmon.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\yazzz = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ctxmon.exe"	b27a78d2426eb546a4028a8b1e9680bf_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Run\atitool = "C:\\Users\\Admin\\AppData\\Roaming\\pwrwin.exe"	ctxmon.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ctxmon.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b27a78d2426eb546a4028a8b1e9680bf_JaffaCakes118.exe

Modifies Internet Explorer settings 1 TTPs 33 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a3d5a058b71c4645a1a6b8b9d2c7fb47000000000200000000001066000000010000200000002e4c13660a6ae924f304ba90ee64a2604249af5140c4adac9fc4ad8b4413c385000000000e80000000020000200000001b8138f6af1a44a035fea3a3218b35dee1ab9f7b26e4f4856eb24f57390c1c3c2000000029d684df77bc3c90b1a18b259e65e9ba1a336e3927911c380aa5366059c71603400000002645ffef010a7c2f5e2c061523a6ddb34b09ae9eca53b7ea204a9baaef29a443493b65a856ec091ea40f043a60922323e48b46e1f06ed44b280d8451b810806c	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 602b817396f3da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a3d5a058b71c4645a1a6b8b9d2c7fb4700000000020000000000106600000001000020000000ddcffe37073ba899c085a65a233fc947df95e54dc34cc4374203481e22788021000000000e8000000002000020000000ace58c1dfc374f8f93a902bfc1f4281e53132c4c0a5e20ffabf64fe6d69e830f90000000987452c0807d5da5f131c326231be3ac884f68aac7b3442b43aa5d9f8ceda9f31d1de6764fa8c47acdd4cdb8c259668660a7dca00be5530e84a415691656fc046f238804e324c6f3ded0c39ea4791f156de5fdb31d814ac6b7da92ebc262dc99dd7b8b6a4d5816ca6cdc5a516f613da6682cd7a56d73d2ad2f730716be1b6586bdf6b266d09ed64d2abd43ccd24a2653400000000b96219ce155c9305c8ac2a993ff41a429132a174c211e7a83d7a66b9827d76ba0b05137017e5754558d5646fd0db711d561c06b875ac11e95c0c18a394ccb79	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9CE16471-5F89-11EF-9BC7-EEF6AC92610E} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430384880"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2928	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2928	iexplore.exe
2928	iexplore.exe
2748	IEXPLORE.EXE
2748	IEXPLORE.EXE
2748	IEXPLORE.EXE
2748	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 2424 wrote to memory of 3008	2424	b27a78d2426eb546a4028a8b1e9680bf_JaffaCakes118.exe	30
PID 2424 wrote to memory of 3008	2424	b27a78d2426eb546a4028a8b1e9680bf_JaffaCakes118.exe	30
PID 2424 wrote to memory of 3008	2424	b27a78d2426eb546a4028a8b1e9680bf_JaffaCakes118.exe	30
PID 2424 wrote to memory of 3008	2424	b27a78d2426eb546a4028a8b1e9680bf_JaffaCakes118.exe	30
PID 2424 wrote to memory of 3008	2424	b27a78d2426eb546a4028a8b1e9680bf_JaffaCakes118.exe	30
PID 2424 wrote to memory of 3008	2424	b27a78d2426eb546a4028a8b1e9680bf_JaffaCakes118.exe	30
PID 2424 wrote to memory of 3008	2424	b27a78d2426eb546a4028a8b1e9680bf_JaffaCakes118.exe	30
PID 2928 wrote to memory of 2748	2928	iexplore.exe	33
PID 2928 wrote to memory of 2748	2928	iexplore.exe	33
PID 2928 wrote to memory of 2748	2928	iexplore.exe	33
PID 2928 wrote to memory of 2748	2928	iexplore.exe	33
PID 2928 wrote to memory of 2748	2928	iexplore.exe	33
PID 2928 wrote to memory of 2748	2928	iexplore.exe	33
PID 2928 wrote to memory of 2748	2928	iexplore.exe	33

C:\Users\Admin\AppData\Local\Temp\b27a78d2426eb546a4028a8b1e9680bf_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\b27a78d2426eb546a4028a8b1e9680bf_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2424
- C:\Users\Admin\AppData\Local\Temp\ctxmon.exe
  C:\Users\Admin\AppData\Local\Temp\ctxmon.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  PID:3008

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2928
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2928 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9203dfb6efffa4b4fb4c1af4b291d847

SHA1
23bfd89bf344a2b056ea730913fe456ec2c0f90e

SHA256
159fda59fb74b164dbcf4913b67ca7f9efd7c5d3bfd136080d481a9f7289dda0

SHA512
de17466859c3b442368e5943a857cd86bbca93d67257e227f8b84240c4bbf55fff8bd1badc51548e2cc97c1e40ae624e820013b5e8597718f479cb789026f704

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9fa3c9ec3c2516d1b7d4aa369d6e29bc

SHA1
bf130bac2a26df05abd054978b2353bb2346b9c5

SHA256
400e6bab8f76900921eb4355b2d0fb705244a9f83b80599fb76b2cd3df25c899

SHA512
4eda07032c1bb7424c1c834882086427cc65213a77a08c3321e4acd0f384bf87db56314529ef45524d63690bccdf2fa3cc1bff395dbfd05673f860da611d07b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9fd7b1484b8152f8d5cea95d4092bdc3

SHA1
1519342dbf34377329371bd7cb962cd147ada2e7

SHA256
45155c6bd97d63907b1de37a2c699612b8f1803a2697cf6dcaf2bb0475b2cb2e

SHA512
750fecdf224e6e68f28f8a0c9a5790a241140813e28d1afb53706c6a29d88ad0ae532068c425a0d601155a60259d1a9f3daff0d9df53c4073e436219b8dd37a1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7167a635630b7da1afada91cf8e946db

SHA1
bcf35c6bc78bd66ef9a95c11e3383e4c196a0608

SHA256
cad2651fb0f96debe717e6cd8589f3d462355e5c373d3ba3c1eba2172b751464

SHA512
5d57fc6579e1d21edbc008b268e25c48d2092cec4d4f1bd21f5e889bf09ad4131b75a3a2e5cddf22ebee6f3dc03a83365ff7ffba3f66a86c2712588a8240f44e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
06bfacfacaba52c74bcdcee73b8b787b

SHA1
8ae0f198c12f27229bbdff2edcb0af7640e82705

SHA256
9229fe9a0aecf4da8895093fd8a162055969e35d87bf090f195ddd11f737e098

SHA512
872dc46ddca8679ca7ccebdb8f02e65e85d4f60409ece6e2411fbbb06fa3ecea2f950d6980a57add8d725656305e1e0cf8a743b6b21727e1602273d25ab4c117

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
79eef2d390df5ba8fc4a087079d39700

SHA1
12f1d7af6b81a8ffd10758a91cf7a436d8a1a8f3

SHA256
b7277db4c8dec8dff020f8b62ad1679d40b595916cae1065446da5a0204a726a

SHA512
f2cde20ed556525c6d4d16fadebb7130814cef07553368fe0f80269c13281afee86f441429908f061d1e68eac8d551697e896238c4fcd13da5614260e2175d23

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1044b9625b1b439eb7e5011835aa0534

SHA1
cb9509a6abc368dcf1206bd6e0170a4bc87e8fb4

SHA256
0574d0bb17987186d5d7817eda5886b07989764c5d2c46f596f7c2a5abf5461a

SHA512
960c352bfba9fb07df0c5b9769fff71877ef7d69a38a4e9e4615877b5c2738c92d30e85ff1fbda6c9de6117acd6eebc06a47f21de261ebd3259b6e04a52994bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e2332082808b76736c70149cc2c7f4c6

SHA1
bf4008a5299bf596d6ae05f3c36c86196c9e9b25

SHA256
9ee6b08caa5a271c2a3da2e9e74055a670347857f2c4269abd9e76365bff9a34

SHA512
ec87a898a7db5a5eef38feb7f062ed51041b41641176158c8ebf682868efbea27fd38507f758ffdf322e42b8e3fe46742eb889c51e68d8cda4409dab4412acbf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6088590e1f0a5ba3459a87bd0e3f9bc5

SHA1
b55dd2f190df4a06fa5ad88f7a435da89ec60124

SHA256
cc47710aa02df35b5d3726447fd316407ffe6cccd260d6d5a2211b559808f545

SHA512
834bb98933e87f0c76c7f14f059ed0ed0015cb1df3e3eeba90f8678016b422e207b71bb5c26a24f34b3b5476f11891df72670fec5ec18b9dfad6df431a1c9588

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ef0529cf1e736251236542497b8f0bd4

SHA1
4dfb7191c9fadfc1fded82aa3421b9dcfdaa8ad3

SHA256
699f8160692d715f2d20eb44df1ebad24ab5fc06460a0ef4dbe442e59e795431

SHA512
e961b5bb7568e5e3bb469df75189ef5464a2ef2ea6fcefd5320b6da26b57260e89a99e7029d6b239cada3c5503df57ec5b6fbbe44802813fdefb2a0d78f007fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
071ef78869d4f6e3afc412b0fd05037c

SHA1
16b3220427f59f5b9fc8f1e7e2f9a7b07f0ecc18

SHA256
5c2f199bc3440a980b662c97f8e30c32bf1ecfbe7f8a38b0d3bdefb09d9b2887

SHA512
ecd132f2d35e665ce15530ab38a1ee0ee3f44ac5cb2387034c96d2976941ea30305010c39e0555c7518af4a8b368fdd73992cdc33bea97957d642d973d005d14

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ff0c76cb44866ae0a3484bf815a86f47

SHA1
a7b85ba4400a0e37b65bb2fdc14844cef8177908

SHA256
963428565ccf6deabbb449305ed1d9014fc62b63bd3d2680ea7e9f5b483a26ec

SHA512
9fb815af36e04467c10acabc53c8c28874c437b3b2d1328676349877d7a6b3915db57dd6d3a544092b0ea439681c030f2884b9700e298949a72797061da918f4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
15ffdf59cda318fd1715d01d443b1b71

SHA1
4c75a43735712ffd02ccfdf492ebe800b7684e01

SHA256
e84874665986af091bce8bcd814b22eeacc172fccacba56d3f9618d267ae3a37

SHA512
2acf6dddbc90fd83c4218df6eda539ec3c6769025c9e9100315067a09cb247b7c4cfa7d399a6433651b1f55d4ca1a7a735faa463b1fd774835563c73fce5935c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ef6b92e9af847956af0ae16bb2c9fb23

SHA1
08bf9e0b2c8f462f0caf978bdca7e639b1815b00

SHA256
e323d1e41aa61c8373bcdb344f5074b6c06f5cd6dcf8f07c42fba2046ef008f0

SHA512
c47a25f02d756d7047fd3db1461a9e8a09155b480d3a323f92be6581fb8f00ed6c54c95bf284ab7ebce964285f254508bb45b1405720c23213a432a7f1067efb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
82ffef931ed79f55d4023aea91b47118

SHA1
cd0bf586b58222f520dd65cf38796fb3bd7aa793

SHA256
1ba34d5477ab570f2b71933158d48913b891ab0cfb49ea469c2dc4d1f3bf2cc2

SHA512
c500560c88587c1cba4f403c6a8e5739b4d158046de4d5f0b72dbc7067544463140b74c3ddb113c5f2619b134960fb3887ac69250abdf505dbdfc5d3145acd90

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f71af5f006a3a89c03bacc8c0d931d84

SHA1
a45d5e7298740e3290a37bff56750cf426ab5675

SHA256
c7b76b5b57df4ec86f97635b7f53c5b37c0925f96e1c8d19f84a09b8d1598564

SHA512
06de7f69de8bbe91ec450ad1c1b3a222f3c992406b7b7841d635f246cb31affedcd9694b3ed634e56db0e3c53ed667ff6d56705a618d66ba16202263e452f8bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
df8b1d2182290d61f4162a0a5d075f9a

SHA1
3a0812c2dda57b333fb2c4bf3f42be7e1d36c2a4

SHA256
7ebe566d267181571bfe2047b13e44a1b64b650d5389fe19b5e81929b91e84e9

SHA512
bc01df21e8e2d8d1f98695831e1632f56ac3f3d176c19ce665325cdf1ecec4496a05b03711ddb28348a230169a881d5825f0798cc3f269550eb0cbfa9ea2e3ab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f1994105b1d7932c082363ff7b36197b

SHA1
c0ee536acad17abf42d64fdce1410fc9fdb22c42

SHA256
a91bef8bd71f8d40c6e013a706bd755182c7f3c3248f2771fd3278c219419603

SHA512
aeffde830b13dad6309bbcd40a7e3252595a71804629c631dae232e56a01e8d4a2a32620aa3c18ac2b91d012fc658e044f00ee176fe2b6ae5e0d09a968a6a443

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab5DBD.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar5E7B.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
\Users\Admin\AppData\Local\Temp\ctxmon.exe

Filesize
115KB

MD5
b41dd2240b072ec09744353fc20b7f83

SHA1
33ffb4d4d4cb3e38b674d71abef6e9946b0cf9a8

SHA256
2b8614f538c2d60ff88db94992fd42f938e444d0074308f8a02f3e7d7e38c3d3

SHA512
8fcc0366f7ea38b474205a6f9e1a0e7ca41dfc16be59e5c06b72eed32b83fb1936bbe1a2b9d77231dcff06d615347e51e9d0e7ec3f8fad31f42d1b4829adedd1

Download Submit
memory/2424-17-0x0000000001001000-0x0000000001003000-memory.dmp

Filesize
8KB

Download
memory/2424-19-0x0000000001000000-0x0000000001029000-memory.dmp

Filesize
164KB

Download
memory/2424-18-0x0000000000230000-0x0000000000232000-memory.dmp

Filesize
8KB

Download
memory/2424-0-0x0000000001000000-0x0000000001029000-memory.dmp

Filesize
164KB

Download
memory/2424-15-0x0000000000170000-0x0000000000199000-memory.dmp

Filesize
164KB

Download
memory/2424-16-0x0000000000170000-0x0000000000199000-memory.dmp

Filesize
164KB

Download
memory/2424-14-0x0000000000170000-0x0000000000199000-memory.dmp

Filesize
164KB

Download
memory/2424-13-0x0000000001000000-0x0000000001029000-memory.dmp

Filesize
164KB

Download
memory/2424-4-0x0000000000170000-0x0000000000199000-memory.dmp

Filesize
164KB

Download
memory/2424-6-0x0000000000170000-0x0000000000199000-memory.dmp

Filesize
164KB

Download
memory/2424-7-0x0000000000190000-0x00000000001C5000-memory.dmp

Filesize
212KB

Download
memory/2424-20-0x0000000000190000-0x00000000001C5000-memory.dmp

Filesize
212KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads